Chapter 21. SDL-Required Tools and Compiler Options

In this chapter:

This chapter outlines the SDL-mandated security-related tools to be used during the development and testing processes. We focus on tools that are publicly available from Microsoft developer Web sites (such as MSDN) and Microsoft Visual Studio 2005.

Required Tools

At a minimum, the following tools are required during the development process:

  • PREfast (Microsoft 2005)

  • FxCop (GotDotNet 2006a)

  • Application Verifier (Microsoft 2003)

  • Minimum compiler and build tool versions

Let’s look at each tool in more detail.

PREfast

A product of Microsoft Research, PREfast is a static analysis tool used to detect coding defects in C and C++ code. A subset of these defects is security bugs. PREfast ...
